Is Your Business’ Reputation on the Line?

All too often you hear that another major company is the victim of a data breach and that millions of its customers are at risk of having their identities stolen and their bank accounts compromised. What you hear on the news is just a snapshot of what is happening to businesses of all sizes on a frequent basis. No business or organization is safe from an attack, and it is incumbent upon the owners, employees, and stakeholders to ensure that sensitive information is protected and that there is a plan in place to remedy a breach should it occur. Failing to do so puts the organization at risk of a damaged reputation; lost customers and revenue; stolen intellectual property and trade secrets; hefty fines levied against it; and lengthy and costly litigation. You work hard to build your brand, so put the time and effort into protecting it.

So What Should a Business Owner Do?

Take Inventory. Who sends information to you? How is the information received? Where and how is the information stored?

Scale Down. Only keep the data you need and properly dispose of the unnecessary data. Remember – if you collect and keep it, you must protect it!

Protect the Data. Put security policies in place to protect both your physical assets and your network. Data backups should be performed regularly so you don’t lose valuable information. Also, be mindful of any regulations and standards that apply to your business. For example, if you process credit cards you are required to follow the Payment Card Industry Data Security Standard (PCI DSS). If you handle health records, the Health Insurance Portability and Accountability Act (HIPAA) would apply.

Provide Security Awareness and Training. The success of your policy implementation depends on the policies being properly interpreted and enforced. Routinely educate your organization’s leadership, employees, vendors, and stakeholders so they understand the importance and value of your policies. Keep in mind that humans are the weakest link in the security chain. People often let their guard down and get tired or distracted, so ensure you implement training that will help them keep information security top of mind.

Develop a Data Breach (Incident) Response Plan. So what happens if you’ve done everything you’re supposed to do and you experience a data breach? Having a data breach response plan in place helps you effectively engage the right team of people who have the expertise to stop an attack, investigate a previous attack, engage law enforcement, communicate with employees and stakeholders, and properly inform the media. To ensure a smooth response, your plan should also include performing simulations based on a variety of scenarios that prepare for an actual breach.

Consult a Cyber Security Expert and Get Legal Advice. No two businesses are alike and there is no one-size-fits-all course of action when it comes to protecting your organization’s unique needs. It is imperative that you consult professionals who are highly skilled in helping you develop the policies and plans that you need to protect your business and its brand.